Chubb Bulleid Law Firm Hit by Cactus Ransomware, Data Exposed
Incident Date: July 30, 2024
Overview
Title: Chubb Bulleid Law Firm Hit by Cactus Ransomware, Data Exposed
Victim: Chubb Bulleid
Attacker: Cactus
Location
First Reported: July 30, 2024
Chubb Bulleid Law Firm Targeted by Cactus Ransomware Group
Chubb Bulleid, a prominent law firm based in Somerset, UK, has recently fallen victim to a ransomware attack orchestrated by the Cactus ransomware group. The attack, disclosed on July 31, 2024, has led to the exposure of a significant amount of sensitive and confidential information.
About Chubb Bulleid
Chubb Bulleid is a well-established law firm with offices in Wells, Street, and Somerton. Formed in March 1997 through a merger of Chubb Beresford and Bulleid Leeks & Co., the firm has expanded over the years, incorporating Alan R Walton & Company in 2004 and T.G. Pollard & Co. in 2015. The firm operates as a private limited company under the name Chubb Bulleid Limited, with the company number 05386876.
Chubb Bulleid provides a range of legal services to individuals, families, and businesses, both locally and internationally. The firm emphasizes community engagement and personalized service, maintaining strong ties with the local community. Their commitment to high-quality service has fostered a reputation for reliability and professionalism.
Details of the Ransomware Attack
The ransomware attack on Chubb Bulleid has resulted in the exposure of various sensitive documents, including litigation files, corporate data, non-disclosure agreements, contracts, employee records, financial documents, and internal correspondence. Screenshots of the leaked information have surfaced, although the download links have been redacted by the attackers. The firm has yet to publicly address the full extent of the damage or the specifics of the attack, and it is presumed that an investigation is underway.
About the Cactus Ransomware Group
The Cactus ransomware group, first discovered in March 2023, operates as a ransomware-as-a-service (RaaS) operation. The group is known for exploiting vulnerabilities and leveraging malvertising lures for targeted attacks. Cactus ransomware affiliates use custom scripts to disable security tools and distribute the ransomware, targeting organizations across various industries.
Cactus ransomware employs unique encryption techniques to avoid detection: a batch script obtains the encryptor binary using 7-Zip, and the encryptor binary is then deployed with an execution flag. The group appends the file extension “.cts1” to the end of encrypted files. Their attacks often involve creating multiple accounts and adding them to the administrators group to evade detection and escalate privileges.
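As an added example (not part of the original report and not any vendor's tooling), the following hunt logic flags the account behaviour described above: one actor creating several accounts and adding them to the local Administrators group in a short span, plus a check for the “.cts1” extension. The event records are constructed and use simplified, hypothetical field names; the correlation window and account threshold are assumptions, while event IDs 4720 and 4732 and SID S-1-5-32-544 are the standard Windows values.

```python
from collections import defaultdict
from datetime import datetime, timedelta

ADMIN_GROUP_SID = "S-1-5-32-544"  # built-in local Administrators group
WINDOW = timedelta(minutes=30)    # assumed correlation window
MIN_ACCOUNTS = 2                  # assumed threshold for "multiple accounts"

# Constructed sample records; field names are simplified, not the raw event schema.
# 4720 = user account created, 4732 = member added to a local security group.
EVENTS = [
    {"time": "2024-01-10T02:10:05", "id": 4720, "host": "FS01", "actor": "svc_backup", "account": "adm_tmp1"},
    {"time": "2024-01-10T02:10:40", "id": 4732, "host": "FS01", "actor": "svc_backup", "account": "adm_tmp1", "group_sid": "S-1-5-32-544"},
    {"time": "2024-01-10T02:11:10", "id": 4720, "host": "FS01", "actor": "svc_backup", "account": "adm_tmp2"},
    {"time": "2024-01-10T02:11:30", "id": 4732, "host": "FS01", "actor": "svc_backup", "account": "adm_tmp2", "group_sid": "S-1-5-32-544"},
    {"time": "2024-01-10T09:00:00", "id": 4720, "host": "WS07", "actor": "helpdesk", "account": "j.smith"},
    {"time": "2024-01-10T09:01:00", "id": 4732, "host": "WS07", "actor": "helpdesk", "account": "j.smith", "group_sid": "S-1-5-32-545"},
    {"time": "2024-01-10T10:00:00", "id": 4720, "host": "WS09", "actor": "helpdesk", "account": "new_admin"},
    {"time": "2024-01-10T10:02:00", "id": 4732, "host": "WS09", "actor": "helpdesk", "account": "new_admin", "group_sid": "S-1-5-32-544"},
]

def find_admin_account_bursts(events, window=WINDOW, min_accounts=MIN_ACCOUNTS):
    # Returns (host, actor, accounts) for each burst of newly created local admins.
    created = {}                  # (host, account) -> creation time
    promoted = defaultdict(list)  # (host, actor) -> [(time, account)]
    for ev in sorted(events, key=lambda e: e["time"]):
        ts = datetime.fromisoformat(ev["time"])
        key = (ev["host"], ev["account"])
        if ev["id"] == 4720:
            created[key] = ts
        elif ev["id"] == 4732 and ev.get("group_sid") == ADMIN_GROUP_SID:
            born = created.get(key)
            if born is not None and ts - born <= window:  # promoted soon after creation
                promoted[(ev["host"], ev["actor"])].append((ts, ev["account"]))
    alerts = []
    for (host, actor), hits in promoted.items():
        for start, _ in hits:     # slide the window over this actor's promotions
            burst = sorted({a for t, a in hits if timedelta(0) <= t - start <= window})
            if len(burst) >= min_accounts:
                alerts.append((host, actor, burst))
                break
    return alerts

def encrypted_files(paths, extension=".cts1"):
    # Returns the paths carrying the extension this page attributes to Cactus.
    return [p for p in paths if p.lower().endswith(extension)]

if __name__ == "__main__":
    for alert in find_admin_account_bursts(EVENTS):
        print("ALERT", alert)
```

A single help-desk promotion (WS09) and an addition to a non-administrative group (WS07) stay below the threshold, which keeps routine provisioning out of the alert stream.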
Recent Ransomware Attacks
The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous and the most financially and informationally impactful cyber threat to businesses and organizations today.
The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.